Red Hat Bugzilla – Bug 1209838
domain option needed if hosts provisioned belongs to other domain that that of IDM server
Last modified: 2016-09-15 09:58:30 EDT
Description of problem: My setup details: ----------------- Satellite6 Hostname: sat207-144.itlab.eng.pune.redhat.com Domain: itlab.eng.pune.redhat.com IPA server domain name : katellolabs.org If we select different domain for vm (here itlab.eng.pune.redhat.com) as that of the IPA server ( here katellolabs.org) while provisioning, requires the below change in the idm_register config template. /usr/sbin/ipa-client-install -w '<%= @host.otp %>' --domain=katellolabs.org --realm=<%= @host.realm %> -f -U $idm_mkhomedir $idm_opts $idm_server $idm_ssh please note the extra '--domain=katellolabs.org' required in the above command. If the above extra option is not given it prompts us for the domain name to be specified as it cannot figure the domain name and automatic enrolment fails. Here the vm had the hostname: testvm.itlab.eng.pune.redhat.com Version-Release number of selected component (if applicable): sat6.1 Beta RC5 How reproducible: Steps to Reproduce: 1. while trying REALM Integration as the IPA server will have a different domain. 2. 3. Actual results: Automatic enrolment of the provisioned vm fails. Expected results: needs the below extra option to ipa-client-install command in idm_register template file. '--domain=katellolabs.org' NOTE:- the domain we are specifying is the domain of the IPA server. current: /usr/sbin/ipa-client-install -w '<%= @host.otp %>' --realm=<%= @host.realm %> -f -U $idm_mkhomedir $idm_opts $idm_server $idm_ssh Needs: /usr/sbin/ipa-client-install -w '<%= @host.otp %>' --domain=katellolabs.org --realm=<%= @host.realm %> -f -U $idm_mkhomedir $idm_opts $idm_server $idm_ssh Additional info: May not be an issue if both the sat6 domain and the vm's being provisioned are in same domain.
Created redmine issue http://projects.theforeman.org/issues/11559 from this bug
Upstream bug component is Provisioning
Per Dominic, this is aleady fixed upstream: Already fixed in 1.9.0-RC2. https://github.com/theforeman/community-templates/commit/c2c9c22c291ee0c443c1815ab38a51c83370b042 I am moving this to POST.
I think there are differences between freeipa_register vs idm_register, The below stuff which is required in idm_register "provisioning template" is missing. ----------------------------------------------------------------------------- <% if @host.params['freeipa_server'] -%> <% domain = @host.params['freeipa_domain'] || @host.realm.name.downcase -%> freeipa_server="--server <%= @host.params['freeipa_server'] %> --domain <%=domain %>" <% end -%> Is it that idm_register is not latest like freeipa_register template? TESTED With snap62-snap9.2
Provisioning leads to the below issue, Unable to discover domain, not provided on command line Installation failed. Force set so not rolling back changes.
Not sure I understand the logic of bugs getting bumped out of 6.2, it was fixed upstream, it just never got pulled into 6.2. Easy win... The idm_register snippet is included in foreman_theme_satellite, pretty small diff to get all the changes into 6.2. Can this at least be set for a z-Stream?
The move of the bug off of 6.2 was the result of a mass-move of bugs that did not make the cut. If a fix is available, it can certainly be pulled downstream. Looking at the referenced commit, there is no associated redmine issue. As a result, there is nothing linking the upstream change to the bug, which is typically required for the release tooling and likely the reason it never got pulled in.
Setting the bug to POST, since there is a fix upstream. See comment #4.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1500
Build:6.2.2-1.1.el7sat Steps: 1) Satellite and IDM are in different domain 2) Satellite was successfully enrolled into REALM 3) Satellite had the realm feature enabled 4) Host is provisioned via satellite 5) Host isn't enrolled into REALM Possible problem I could notice is , the variables specially idm_Server in the provisioning template are not set , and the template isn't rendered properly. This in turn , starts the auto discovery of the IDM server in current Satellite sub domains and fails to find the IDM server ipaclient-install.log of the host attached.
On second thoughts, Is it that we need to set the 'idm_server' manually via the Global parameters? key = idm_server, value = idm4bug.katellolabstest.org. Because if I do this the provisioning template now does populate the $idm_server value properly and domain along with it. I added the above key,value to host_group. idm_server="--server idm4bug.katellolabstest.org --domain katellolabstest.org" @stbenjam: Can you please confirm? Just want to make sure we are not testing something which is not intended.
Right, either use autodiscovery (e.g. use the IdM server for DNS) or set the ipa_server variable.
Build:6.2.2-1.1.el7sat Steps: 1) Satellite and IDM are in different domain 2) Satellite was successfully enrolled into REALM 3) Satellite had the realm feature enabled 4) Host is provisioned via satellite 5) Created idm_server entry in host_group with key = idm_server, value = idm4bug.katellolabstest.org 6) Provisioned host via the same hostgroup 7) Prvisioned host enrolled successfully. [root@kbrhel72mul99k ~]# id admin uid=478000000(admin) gid=478000000(admins) groups=478000000(admins) Adding the ipa-client.log Moving to verified...
Created attachment 1200483 [details] ipa-client-install.log
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1885